The Flow Foundation is continuing to implement a remediation plan in response to a $3.9 million exploit of the blockchain on Saturday, flagging concerns about large token movements on a centralized exchange.
In a Thursday X post, Flow said it had made “significant progress” in its recovery plan, which was now entering phase two and was expected to take several days. According to the platform, developers had “identified a path to restore EVM [Ethereum Virtual Machine] functionality” as it addressed its non-EVM chain, Cadence.
“The Community Governance Council continues executing cleanup transactions under validator-authorized boundaries, consistent with established precedents for digital asset recovery,” said Flow. “All remediation activity is publicly auditable on-chain through block explorers. Cadence and EVM remediation will now proceed simultaneously.”

The update followed Flow scrapping a previously proposed implementation plan that included a rollback of the blockchain. Many users criticized the move, saying that rolling back Flow would present decentralization and security risks.
As part of its post-mortem report on the exploit, Flow said it was “concerned by one exchange's handling of this incident,” adding that the unnamed crypto company had not responded to requests about trading patterns. Though the foundation did not specifically call out the exchange by name, some users speculated that it could have been referring to Binance.
“Within hours of the exploit, a single account deposited 150M $FLOW, approximately 10% of total token supply, converted a substantial portion to BTC, and withdrew over $5M within the span of a few hours before the network was halted,” said Flow, referring to activity on the unnamed exchange. “This transaction pattern represents an AML/KYC failure that transferred financial risk to users who unknowingly purchased fraudulent tokens.”
Cointelegraph reached out to the Flow Foundation and Binance for comment but had not received a response at the time of publication.
Trust Wallet also addressing exploit over the holidays
On Friday, Trust Wallet reported that its browser extension had been compromised in a Christmas Day exploit, resulting in $7 million in losses.
Former Binance CEO Changpeng Zhao said at the time that the lost funds in the thousands of wallet addresses affected by the hack would be covered. As of Monday, the company said it had identified 2,596 compromised addresses but had received about 5,000 claims for reimbursement.

